Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6a1ac34f27
Branches Tags
cakephp
/
src
/
Http
/
Client
/
Auth
/
Digest.php

Digest.php 4.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
    4. 

  4.  * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
    5. 

  5.  *
    6. 

  6.  * Licensed under The MIT License
    7. 

  7.  * Redistributions of files must retain the above copyright notice.
    8. 

  8.  *
    9. 

  9.  * @copyright     Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
    10. 

  10.  * @link          http://cakephp.org CakePHP(tm) Project
    11. 

  11.  * @since         3.0.0
    12. 

  12.  * @license       http://www.opensource.org/licenses/mit-license.php MIT License
    13. 

  13.  */
    14. 

  14. namespace Cake\Http\Client\Auth;
    15. 

  15. 

  16. use Cake\Http\Client;
    17. 

  17. use Cake\Http\Client\Request;
    18. 

  18. 

  19. /**
    20. 

  20.  * Digest authentication adapter for Cake\Http\Client
    21. 

  21.  *
    22. 

  22.  * Generally not directly constructed, but instead used by Cake\Http\Client
    23. 

  23.  * when $options['auth']['type'] is 'digest'
    24. 

  24.  */
    25. 

  25. class Digest
    26. 

  26. {
    27. 

  27. 

  28.     /**
    29. 

  29.      * Instance of Cake\Http\Client
    30. 

  30.      *
    31. 

  31.      * @var \Cake\Http\Client
    32. 

  32.      */
    33. 

  33.     protected $_client;
    34. 

  34. 

  35.     /**
    36. 

  36.      * Constructor
    37. 

  37.      *
    38. 

  38.      * @param \Cake\Http\Client $client Http client object.
    39. 

  39.      * @param array|null $options Options list.
    40. 

  40.      */
    41. 

  41.     public function __construct(Client $client, $options = null)
    42. 

  42.     {
    43. 

  43.         $this->_client = $client;
    44. 

  44.     }
    45. 

  45. 

  46.     /**
    47. 

  47.      * Add Authorization header to the request.
    48. 

  48.      *
    49. 

  49.      * @param \Cake\Http\Client\Request $request The request object.
    50. 

  50.      * @param array $credentials Authentication credentials.
    51. 

  51.      * @return \Cake\Http\Client\Request The updated request.
    52. 

  52.      * @see http://www.ietf.org/rfc/rfc2617.txt
    53. 

  53.      */
    54. 

  54.     public function authentication(Request $request, array $credentials)
    55. 

  55.     {
    56. 

  56.         if (!isset($credentials['username'], $credentials['password'])) {
    57. 

  57.             return $request;
    58. 

  58.         }
    59. 

  59.         if (!isset($credentials['realm'])) {
    60. 

  60.             $credentials = $this->_getServerInfo($request, $credentials);
    61. 

  61.         }
    62. 

  62.         if (!isset($credentials['realm'])) {
    63. 

  63.             return $request;
    64. 

  64.         }
    65. 

  65.         $value = $this->_generateHeader($request, $credentials);
    66. 

  66. 

  67.         return $request->withHeader('Authorization', $value);
    68. 

  68.     }
    69. 

  69. 

  70.     /**
    71. 

  71.      * Retrieve information about the authentication
    72. 

  72.      *
    73. 

  73.      * Will get the realm and other tokens by performing
    74. 

  74.      * another request without authentication to get authentication
    75. 

  75.      * challenge.
    76. 

  76.      *
    77. 

  77.      * @param \Cake\Http\Client\Request $request The request object.
    78. 

  78.      * @param array $credentials Authentication credentials.
    79. 

  79.      * @return array modified credentials.
    80. 

  80.      */
    81. 

  81.     protected function _getServerInfo(Request $request, $credentials)
    82. 

  82.     {
    83. 

  83.         $response = $this->_client->get(
    84. 

  84.             $request->url(),
    85. 

  85.             [],
    86. 

  86.             ['auth' => []]
    87. 

  87.         );
    88. 

  88. 

  89.         if (!$response->getHeader('WWW-Authenticate')) {
    90. 

  90.             return [];
    91. 

  91.         }
    92. 

  92.         preg_match_all(
    93. 

  93.             '@(\w+)=(?:(?:")([^"]+)"|([^\s,$]+))@',
    94. 

  94.             $response->getHeaderLine('WWW-Authenticate'),
    95. 

  95.             $matches,
    96. 

  96.             PREG_SET_ORDER
    97. 

  97.         );
    98. 

  98.         foreach ($matches as $match) {
    99. 

  99.             $credentials[$match[1]] = $match[2];
    100. 

  100.         }
    101. 

  101.         if (!empty($credentials['qop']) && empty($credentials['nc'])) {
    102. 

  102.             $credentials['nc'] = 1;
    103. 

  103.         }
    104. 

  104. 

  105.         return $credentials;
    106. 

  106.     }
    107. 

  107. 

  108.     /**
    109. 

  109.      * Generate the header Authorization
    110. 

  110.      *
    111. 

  111.      * @param \Cake\Http\Client\Request $request The request object.
    112. 

  112.      * @param array $credentials Authentication credentials.
    113. 

  113.      * @return string
    114. 

  114.      */
    115. 

  115.     protected function _generateHeader(Request $request, $credentials)
    116. 

  116.     {
    117. 

  117.         $path = $request->getUri()->getPath();
    118. 

  118.         $a1 = md5($credentials['username'] . ':' . $credentials['realm'] . ':' . $credentials['password']);
    119. 

  119.         $a2 = md5($request->method() . ':' . $path);
    120. 

  120. 

  121.         if (empty($credentials['qop'])) {
    122. 

  122.             $response = md5($a1 . ':' . $credentials['nonce'] . ':' . $a2);
    123. 

  123.         } else {
    124. 

  124.             $credentials['cnonce'] = uniqid();
    125. 

  125.             $nc = sprintf('%08x', $credentials['nc']++);
    126. 

  126.             $response = md5($a1 . ':' . $credentials['nonce'] . ':' . $nc . ':' . $credentials['cnonce'] . ':auth:' . $a2);
    127. 

  127.         }
    128. 

  128. 

  129.         $authHeader = 'Digest ';
    130. 

  130.         $authHeader .= 'username="' . str_replace(['\\', '"'], ['\\\\', '\\"'], $credentials['username']) . '", ';
    131. 

  131.         $authHeader .= 'realm="' . $credentials['realm'] . '", ';
    132. 

  132.         $authHeader .= 'nonce="' . $credentials['nonce'] . '", ';
    133. 

  133.         $authHeader .= 'uri="' . $path . '", ';
    134. 

  134.         $authHeader .= 'response="' . $response . '"';
    135. 

  135.         if (!empty($credentials['opaque'])) {
    136. 

  136.             $authHeader .= ', opaque="' . $credentials['opaque'] . '"';
    137. 

  137.         }
    138. 

  138.         if (!empty($credentials['qop'])) {
    139. 

  139.             $authHeader .= ', qop="auth", nc=' . $nc . ', cnonce="' . $credentials['cnonce'] . '"';
    140. 

  140.         }
    141. 

  141. 

  142.         return $authHeader;
    143. 

  143.     }
    144. 

  144. }
    145. 

  145. 

  146. // @deprecated Add backwards compat alias.
    147. 

  147. class_alias('Cake\Http\Client\Auth\Digest', 'Cake\Network\Http\Auth\Digest');
    148.